Secure your XAMPP local web development environment for macOS

Home-Office Work Station

After setting up a local web development environment with XAMPP for MacOS, you should still secure your installation, even if you're the only one working on your computer.

  1. Open Terminal
  2. Run the xampp's security check, enter your computer password when prompted
    sudo /Applications/XAMPP/xamppfiles/xampp security
  3. XAMPP will check if MySQL is accessible via network, this should be turned off. Simply type yes or press the return key and let the the MySQL service to restart
    XAMPP: Quick security check...
    XAMPP: MySQL is accessable via network. 
    XAMPP: Normaly that`s not recommended. Do you want me to turn it off? [yes]
    XAMPP: Turned off.
    XAMPP: Stopping MySQL...ok.
    XAMPP: Starting MySQL...ok.
  4. Next, XAMPP will check the MySQL/phpMyAdmin user pma password. You can use the same computer password or a different one. Just remember what it is!
    XAMPP: The MySQL/phpMyAdmin user pma has no password set!!! 
    XAMPP: Do you want to set a password? [yes] yes
    XAMPP: Password: 
    XAMPP: Password (again): 
    XAMPP: Setting new MySQL pma password.
    XAMPP: Setting phpMyAdmin`s pma password to the new one.
  5. Then, XAMPP will check the MySQL root password. Again, you can use the same computer password or a different one.
    XAMPP: MySQL has no root passwort set!!! 
    XAMPP: Do you want to set a password? [yes] yes
    XAMPP: Write the password somewhere down to make sure you won`t forget it!!! 
    XAMPP: Password: 
    XAMPP: Password (again): 
    XAMPP: Setting new MySQL root password.
  6. Lastly, XAMPP will check the FTP password. Set the password again.
    XAMPP: The FTP password for user 'daemon' is still set to 'xampp'. 
    XAMPP: Do you want to change the password? [yes]
    XAMPP: Password: 
    XAMPP: Password (again): 
    XAMPP: Reload ProFTPD...ok.
    XAMPP: Done.

Your XAMPP is now secure for local web development!

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.